REMARKS 



Claims 1-2, 6-7, and 1 1-12 are pending in this application. By this Response, 
claims 1, 6, and 1 1 are amended and claims 3-5, 8-10, and 13-20 are canceled. 
Independent claim 1 is amended to incorporate the features of canceled claims 3, 5, 16, 
and 17. Independent claim 6 is amended to incorporate the features of canceled claims 8, 
10, 18, and 19. Independent claim 1 1 is amended to incorporate the features of canceled 
claims 13, 15, and 20. No new matter has been added by any of the above amendments. 
Moreover, entry of the above amendments after issuance of the Final Office Action is 
proper since the amendments do not raise any new issues requiring further search or 
consideration as the amendments merely incorporate dependent claims into their 
respective independent claims and place the case in better condition for appeal should an 
appeal be necessary. Reconsideration of the claims in view of the above amendments 
and the following remarks is respectfully requested. 

I. Telephone Interview 

Applicants thank Examiner Zelaskiewicz and Supervisory Examiner Fischer for 
the courtesies extended to Applicants' representative during the April 9, 2009 telephone 
interview. During the telephone interview. Examiner Zelaskiewicz and SPE Fischer 
indicated that they understood the distinctions of the present claims over the cited art as 
they were explained by Applicants' representative. SPE Fischer requested that the 
identifying opportunities to reduce privacy-related risks and identifying opportunities to 
transform data into a less sensitive form features of the independent claims be redrafted 
to positively recite "reducing privacy related risks" and "transforming data into a less 
sensitive form" because he alleged that the phrases as they exist in the present claims are 
considered field of use limitations that are not given weight. SPE Fischer indicated that 
he believed that the features of reducing privacy related risks and transforming data into a 
less sensitive form define the claims over the cited references. 

Applicants respectfully disagree that the features of the claims as they currently 
stand recite field of use limitations and respectfully submit that these features must be 
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given weight when examining the claims. The phrases "to reduce privacy-related risks" 
and "to transform data into a less sensitive form" are further defining of the specific types 
of opportunities that are identified. That is, these phrases modify the noun 
"opportunities", not the verb "identifying" and thus, are not field of use limitations. The 
phrase "opportunities to reduce privacy-related risks" is all one thing, i.e. opportunities 
where privacy related risks may be reduced. This could equally be phrased as "privacy 
related risk reduction opportunities." The claim does not recite "identifying 
opportunities, for the purpose of reducing privacy related risks" but rather a specific type 
of opportunity that is being identified based on the privacy agreement relationship 
diagram. This is clear from the language of the claim in that no punctuation is provided 
between the term "opportunities" and "to reduce privacy-related risks." Moreover, this is 
clear when the claims are read in light of the present specification, i.e. page 24, lines 1-7. 

The same is true of the feature of identifying opportunities to transform data into a 
less sensitive form based on one or more privacy agreement relationship diagrams. 
Again, the claim does not simply recite identifying any type of opportunity. To the 
contrary, the phrase "to transform data into a less sensitive form" modifies the noun 
"opportunities" and thereby specifies what type of opportunities are being identified. 
Thus, these features are not simply field of use limitations but rather specific types of 
opportunities that are being identified. Accordingly, these features must be given weight 
by the Examiner when examining the claims. 

The substance of the telephone interview is further summarized in the following 
remarks. 

II. Rejection under 35 U.S.C. § 112, Second Paragraph 

The Office Action rejects claims 4, 9, and 14 under 35 U.S.C. § 1 12, second 
paragraph. By this Response, these claims have been canceled and thus, this rejection is 
rendered moot. Accordingly, Applicants respectfully request withdrawal of the rejection 
of claims 4, 9, and 14 under 35 U.S.C. § 1 12, second paragraph. 
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III. 



Rejection under 35 U.S.C. § 103(a) 



The Office Action rejects claims 1-20 under 35 U.S.C. § 103(a) as being allegedly 
unpatentable over Coffey et al. (U.S. Patent No. 6,636,858) in view of Ginter et al. (U.S. 
Patent No. 5,892,900). This rejection is respectfully traversed. 

Amended claim 1 , which is representative of the other amended independent 
claims 6 and 1 1 with regard to similarly recited subject matter, reads as follows: 



1 . A method, in an information handling system comprising a 
processor and a storage device, for improving the handling of personally 
identifiable information, said method comprising: 

generating, in the information handling system, an object model 
for representing relationships between active entities with regard to 
handling of personally identifiable information, wherein the active entities 
comprise a data subject, represented as a data subject object in the object 
model, and at least one data user, represented as at least one data user 
object in the object model, and wherein the data subject is an active entity 
that is identified by the personally identifiable information and the at least 
one data user is an active entity that uses the personally identifiable 
information obtained from the data subject; 

identifying, by the information handling system, parties involved 
in a process of handling personally identifiable information based on the 
object model, wherein the parties comprise the data subject and the at least 
one data user; 

identifying, by the information handling system, data involved in 
said process from a data model; 

classifying, by the information handling system, the data as 
personally identifiable information or non-personally identifiable 
information; 

expressing, by the information handling system, based on the 
object model, each relationship between each pair of said parties in 
terms of a privacy agreement, wherein the privacy agreement for each 
relationship between each pair of parties is a subset of a natural 
language privacy policy set, the subset being defined as specific to a 
particular situation or purpose and specific to the particular parties in 
the pair of parties; and 

representing, by the information handling system, said parties, said 
data, and said privacy agreements graphically as objects and associations 
between objects in one or more privacy agreement relationship diagrams; 

identifying opportunities to reduce privacy-related risks involved 
in said process based on the one or more privacy agreement relationship 
diagrams; and 
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identifying opportunities to transform data into a less sensitive 
form based on the one or more privacy agreement relationship 
diagrams, wherein the less sensitive form is one of a de-personalized 
form in which transformed data does not contain personally identifiable 
information that identifies the data subject but is able to be associated 
with the data subject using other data having personally identifiable 
information, or an anonymous form in which transformed data does not 
contain personally identifiable information that identifiers the data 
subject and is not able to be associated with the data subject, wherein: 

each privacy agreement uses a limited number of privacy-related 
actions concerning said personally identifiable information; and 

said privacy agreement expresses privacy rules regarding said 
privacy-related actions, for each party in a pair of parties with which the 
privacy agreement is associated, 
(emphasis added) 



Applicants respectfully submit that neither Coffey nor Ginter, whether taken alone or in 
combination, teaches or provides any technical rationale to implement at least those 
features of independent claim 1 emphasized above or the similar features found in the 
other rejected independent claims 6 and 1 1 . 

Coffey is directed to a mechanism for associating entities of a database system 
using unique entity licenses, attribute licenses, and relationship licenses. With the 
mechanism of Coffey, entities may be associated with each other via a relationship 
license that specifies the unique entity license numbers of the entities involved in the 
relationship. Coffey further teaches the generation of a relationship diagram (see Figure 
5) based on these licenses. As shown in Figure 5, entity licenses may have relationships 
depicted as arrows with boxes indicative of the relationship license. 

While Coffey teaches a mechanism for defining relationships between entities in 
terms of a unique relationship license, nowhere in Coffey is there any teaching or 
technical rationale provided to implement the feature of expressing, based on the object 
model, each relationship between each pair of parties in terms of a privacy agreement, 
wherein the privacy agreement for each relationship between each pair of parties, is a 
subset of a natural language privacy policy set, the subset being defined as specific to a 
particular situation or purpose and specific to the particular parties in the pair of 
parties. Coffey does not even mention privacy agreements, a natural language privacy 
policy set, a subset of a natural language privacy policy set, or a subset being defined as 
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specific to a particular situation or purpose and specific to the particular parties in a pair 
of parties. 

The Office Action alleges that this feature is taught by Coffey at column 6, line 47 
to column 7, line 17 which reads as follows: 



Referring now to FIG. 4, the format of a Relationship Attribute 
License 44 includes Relationship Attribute License Number Field 46, a 
Relationship License Number Field 48, optional Additional Relationship 
License Number Fields 50, an optional Relationship Attribute Name Field 
52, a Relationship Attribute Value Field 54 and an optional Flag Field 56. 
The Relationship Attribute License 44 of FIG. 4 is identified by a uniquely 
distinguishable Relationship Attribute License Number 58 of 6001. This 
Relationship Attribute License Number 58 of 6001 is stored in the 
Relationship Attribute License Number Field 46. Each Relationship 
Attribute License Number 58 is unique, or uniquely identifiable through 
out the database structure. The Relationship License Number 35 of 4306 
stored in the Relationship License Number Field 48 specifies that the 
Relationship Attribute License 23 A of FIG. 4 refers to the Relationship 
License 23A that defines a relationship existing between the Entity 
License 2 for the person of Mary Smith and the Entity License 2 for Frank 
Smith. The optional Additional Relationship License Number Fields 50 
may be used to associate the Relationship Attribute License 44 of FIG. 4 
with other Entity Licenses 2 in addition to the Entity License 2 associated 
with the Relationship License 4306. The optional Relationship Attribute 
Name Field 52 stores a name 57 of PARENT. The Relationship Attribute 
Value Field 54 stores a value 59 of MOTHER, mother being a name of a 
relatedness that exists Mary Smith and her son Frank Smith. The optional 
Flag Field 56 contains a binary pattern 60 that informs the database about 
the nature of the Relationship Attribute License 44, such as whether this 
Relationship Attribute License 44 includes only one or more than one 
Relationship License Number Fields 48, 50, or whether this Relationship 
Attribute License 44 does or does not include a Relationship Attribute 
Name Field 52. The database manager may, for example, wish to structure 
a single Relationship Attribute License 44 to denote that various persons 
identified by the database are mothers of various other persons identified 
by the database. 

While this section of Coffey teaches the use of a relationship license and relationship 
license attribute to define a relationship between two entities, i.e. Mary Smith and Frank 
Smith, there is nothing in this or any other section of Coffey regarding a privacy 
agreement, or that a privacy agreement is a subset of a natural language privacy policy set 
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that is specific to a particular situation or purpose and specific to the particular parties in 
a pair of parties. Coffey does not even mention privacy agreements. 

In addition, while Coffey may teach the generation of a relationship diagram in 
Figure 5, there is nothing in Coffey that teaches or provides any technical rationale to 
implement the features of identifying opportunities to transform data into a less 
sensitive form based on the one or more privacy agreement relationship diagrams, 
wherein the less sensitive form is one of a de-personalized form in which transformed 
data does not contain personally identifiable information that identifies the data 
subject but is able to be associated with the data subject using other data having 
personally identifiable information, or an anonymous form in which transformed data 
does not contain personally identifiable information that identifiers the data subject 
and is not able to be associated with the data subject. At most, what can be determined 
from the relationship diagram of Figure 5 in Coffey is that a relationship exists between 
two parties and the direction of the relationship. Nowhere in Coffey is there any teaching 
or technical rationale provided for identifying opportunities to transform data into a less 
sensitive form based on one or more privacy agreement relationship diagrams, let alone 
the specific less sensitive forms of de-personalized form or anonymous form. 

These features were previously presented in claims 5, 16, and 17 that depended 
from claim 1 , and similar dependent claims from the other independent claims. The 
Office Action, with regard to claims 5, 16, and 17, alleges that these features are taught 
by Ginter. Ginter is directed to a mechanism for transaction management and electronic 
rights protection in which information is accessed and used only in authorized ways such 
that the integrity, availability, and confidentiality of the information is maintained. 

The Office Action alleges that the features of claims 5, 16, and 17. at column 57, 
lines 45-55; column 279, lines 50-61; and column 318 line 59 to column 319, line 14 with 
particular emphasis on column 57, lines 45-55. Applicants respectfully disagree. 

Column 57, lines 45-55 of Ginter read as follows: 

"Rules and controls" can be used to protect the content user's 
privacy by limiting the information that is reported to other VDE 
participants. As one example, "rules and controls" can cause content usage 
information to be reported anonymously without revealing content user 
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identity, or it can reveal only certain information to certain participants 
(for example, information derived from usage) with appropriate 
permission, if required. This ability to securely control what information is 
revealed and what VDE participant(s) it is revealed to allows the privacy 
rights of all VDE participants to be protected. 

While this section of Ginter teaches that the "rules and controls" of Ginter may be used to 
protect a content user's privacy by limiting information that is reported to other virtual 
distribution environment (VDE) participants, this does not teach or provide any technical 
rationale to utilize a privacy agreement relationship diagram to identify opportunities to 
transform data into a less sensitive form. To the contrary, Ginter merely teaches that the 
information can be limited using rules and controls. There is no ability in Ginter to 
utilize a privacy agreement relationship diagram to identify opportunities to transform 
data or "limit information." 

Moreover, there is no teaching in Ginter to utilize a privacy agreement 
relationship diagram to identify opportunities to transform data into either a de- 
personalized form or an anonymous form as recited in claim 1 . Ginter mentions limiting 
information and even reporting information anonymously, but does not teach or provide 
any technical rationale to identify opportunities to transform data into a de-personalized 
form or an anonymous form based on a privacy agreement relationship diagram. 

The other cited sections of Ginter, i.e. column 279, lines 50-61 and column 318 
line 59 to column 319, line 14, read as follows: 



Since the end-user 1 12 is the ultimate consumer of content in this 
example, VDE 1 00 is designed to provide protected content in a seamless 
and transparent way— so long as the end-user stays within the limits of the 
permissions she has received. The activities of end-user 1 1 2 can be 
metered so that an audit can be conducted by distributors 106. The 
auditing process may be filtered and/or generalized to satisfy user privacy 
concerns. For example, metered, recorded VDE content and/or appliance 
usage information may be filtered prior to reporting it to distributor 1 06 to 
prevent more information than necessary from being revealed about 
content user 1 12 and/or her usage, 
(column 279, lines 50-61) 

In this example, end users 33 10 may transmit VDE permissions and/or 
other control information to the repository 3302 permitting and/or denying 
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access to usage information collected by the audit system for use by the 
analysis system. This, in part, may help ensure end user's privacy rights as 
it relates to the usage of such information. Some containers may require as 
an aspect of their control structures, that an end user make usage 
information available for analysis purposes. Other containers may give an 
end user the option of either allowing the usage information to be used for 
analysis, or denying some or all such uses of such information. Some users 
may elect to allow analysis of certain information, and deny this 
permission for other information. End users 3310 in this example may, for 
example, elect to limit the granularity of information that may be used for 
analysis purposes (e.g. an end user may allow analysis of the number of 
movies viewed in a time period but disallow use of specific titles, an end 
user may allow release of their ZIP code for demographic analysis, but 
disallow use of their name and address, etc.) Authors and/or the repository 
3302 may, for example, choose to charge end users 3310 smaller fees if 
they agree to release certain usage information for analysis purposes, 
(column 318 line 59 to column 319, line 14) 

These sections of Ginter teach that auditing information may be filtered to satisfy user 
privacy concerns. While these sections, like column 57, lines 45-55, mention privacy and 
being able to filter information to ensure privacy, there is no teaching or technical 
rationale provided for the specific features of identifying opportunities to transform data 
into a less sensitive form based on the one or more privacy agreement relationship 
diagrams, wherein the less sensitive form is one of a de-personalized form in which 
transformed data does not contain personally identifiable information that identifies the 
data subject but is able to be associated with the data subject using other data having 
personally identifiable information, or an anonymous form in which transformed data 
does not contain personally identifiable information that identifiers the data subject 
and is not able to be associated with the data subject. 

Thus, neither Coffey nor Ginter, either alone or in combination, teach or provide 
any technical rational to implement the features of identifying opportunities to transform 
data into a less sensitive form based on the one or more privacy agreement relationship 
diagrams, wherein the less sensitive form is one of a de-personalized form in which 
transformed data does not contain personally identifiable information that identifies the 
data subject but is able to be associated with the data subject using other data having 
personally identifiable information, or an anonymous form in which transformed data 
does not contain personally identifiable information that identifiers the data subject 
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and is not able to be associated with the data subject, as recited in claim 1 . Coffey 
teaches a relationship diagram, but nothing regarding privacy agreements or privacy 
agreement relationship diagrams, let alone using such privacy agreement relationship 
diagrams to identify opportunities to transform data into a less sensitive form. Ginter 
teaches that information may be filtered to ensure privacy, but, like Coffey, does not 
teach anything regarding privacy agreement relationship diagrams or using such diagrams 
to identify opportunities to transform data into a less sensitive form. 

In view of the above. Applicants respectfully submit that the alleged combination 
of Coffey and Ginter does not teach or render obvious the specific features recited in 
amended claim 1 . Similarly, the alleged combination of references does not teach or 
render obvious the similar features found in the other independent claims 6 and 1 1 . At 
least by virtue of their dependencies, the alleged combination of references fails to teach 
or render obvious the features of dependent claims 2, 7, and 12. Accordingly, Applicants 
respectfully request withdrawal of the rejection of claims 1-2, 6-7, and 11-12 under 35 
U.S.C. § 103(a). 

IV. Conclusion 

It is respectfully urged that the subject application is now in condition for 
allowance. The Examiner is invited to call the undersigned at the below-listed telephone 
number if in the opinion of the Examiner such a telephone conference would expedite or 
aid the prosecution and examination of this application. 



Respectfully submitted. 



DATE: April 17. 2009 




Stephen J. Walder, Jr. 
Reg. No. 41,534 

Walder Intellectual Property Law, P.C. 
17330 Preston Road, Suite lOOB 
Dallas, TX 75252 
(972) 380-9475 

ATTORNEY FOR APPLICANTS 
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